1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    *
5    *
6    *
7    * The contents of this file are subject to the terms of the Liferay Enterprise
8    * Subscription License ("License"). You may not use this file except in
9    * compliance with the License. You can obtain a copy of the License by
10   * contacting Liferay, Inc. See the License for the specific language governing
11   * permissions and limitations under the License, including but not limited to
12   * distribution rights of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.service.impl;
24  
25  import com.liferay.portal.PortalException;
26  import com.liferay.portal.SystemException;
27  import com.liferay.portal.kernel.util.GetterUtil;
28  import com.liferay.portal.model.Group;
29  import com.liferay.portal.model.Layout;
30  import com.liferay.portal.model.PortletConstants;
31  import com.liferay.portal.model.Resource;
32  import com.liferay.portal.model.Role;
33  import com.liferay.portal.model.User;
34  import com.liferay.portal.security.auth.PrincipalException;
35  import com.liferay.portal.security.permission.ActionKeys;
36  import com.liferay.portal.security.permission.PermissionChecker;
37  import com.liferay.portal.security.permission.PermissionCheckerBag;
38  import com.liferay.portal.service.base.PermissionServiceBaseImpl;
39  import com.liferay.portal.service.permission.GroupPermissionUtil;
40  import com.liferay.portal.service.permission.PortletPermissionUtil;
41  import com.liferay.portal.service.permission.UserPermissionUtil;
42  
43  import java.util.List;
44  
45  /**
46   * <a href="PermissionServiceImpl.java.html"><b><i>View Source</i></b></a>
47   *
48   * @author Brian Wing Shun Chan
49   */
50  public class PermissionServiceImpl extends PermissionServiceBaseImpl {
51  
52      public void checkPermission(long groupId, long resourceId)
53          throws PortalException, SystemException {
54  
55          checkPermission(getPermissionChecker(), groupId, resourceId);
56      }
57  
58      public void checkPermission(long groupId, String name, long primKey)
59          throws PortalException, SystemException {
60  
61          checkPermission(getPermissionChecker(), groupId, name, primKey);
62      }
63  
64      public void checkPermission(long groupId, String name, String primKey)
65          throws PortalException, SystemException {
66  
67          checkPermission(getPermissionChecker(), groupId, name, primKey);
68      }
69  
70      public boolean hasGroupPermission(
71              long groupId, String actionId, long resourceId)
72          throws SystemException {
73  
74          return permissionLocalService.hasGroupPermission(
75              groupId, actionId, resourceId);
76      }
77  
78      public boolean hasUserPermission(
79              long userId, String actionId, long resourceId)
80          throws SystemException {
81  
82          return permissionLocalService.hasUserPermission(
83              userId, actionId, resourceId);
84      }
85  
86      public boolean hasUserPermissions(
87              long userId, long groupId, List<Resource> resources,
88              String actionId, PermissionCheckerBag permissionCheckerBag)
89          throws PortalException, SystemException {
90  
91          return permissionLocalService.hasUserPermissions(
92              userId, groupId, resources, actionId, permissionCheckerBag);
93      }
94  
95      public void setGroupPermissions(
96              long groupId, String[] actionIds, long resourceId)
97          throws PortalException, SystemException {
98  
99          checkPermission(getPermissionChecker(), groupId, resourceId);
100 
101         permissionLocalService.setGroupPermissions(
102             groupId, actionIds, resourceId);
103     }
104 
105     public void setGroupPermissions(
106             String className, String classPK, long groupId,
107             String[] actionIds, long resourceId)
108         throws PortalException, SystemException {
109 
110         checkPermission(getPermissionChecker(), groupId, resourceId);
111 
112         permissionLocalService.setGroupPermissions(
113             className, classPK, groupId, actionIds, resourceId);
114     }
115 
116     public void setOrgGroupPermissions(
117             long organizationId, long groupId, String[] actionIds,
118             long resourceId)
119         throws PortalException, SystemException {
120 
121         checkPermission(getPermissionChecker(), groupId, resourceId);
122 
123         permissionLocalService.setOrgGroupPermissions(
124             organizationId, groupId, actionIds, resourceId);
125     }
126 
127     public void setRolePermission(
128             long roleId, long groupId, String name, int scope, String primKey,
129             String actionId)
130         throws PortalException, SystemException {
131 
132         checkPermission(
133             getPermissionChecker(), groupId, Role.class.getName(), roleId);
134 
135         permissionLocalService.setRolePermission(
136             roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
137     }
138 
139     public void setRolePermissions(
140             long roleId, long groupId, String[] actionIds, long resourceId)
141         throws PortalException, SystemException {
142 
143         checkPermission(getPermissionChecker(), groupId, resourceId);
144 
145         permissionLocalService.setRolePermissions(
146             roleId, actionIds, resourceId);
147     }
148 
149     public void setUserPermissions(
150             long userId, long groupId, String[] actionIds, long resourceId)
151         throws PortalException, SystemException {
152 
153         checkPermission(getPermissionChecker(), groupId, resourceId);
154 
155         permissionLocalService.setUserPermissions(
156             userId, actionIds, resourceId);
157     }
158 
159     public void unsetRolePermission(
160             long roleId, long groupId, long permissionId)
161         throws SystemException, PortalException {
162 
163         checkPermission(
164             getPermissionChecker(), groupId, Role.class.getName(), roleId);
165 
166         permissionLocalService.unsetRolePermission(roleId, permissionId);
167     }
168 
169     public void unsetRolePermission(
170             long roleId, long groupId, String name, int scope, String primKey,
171             String actionId)
172         throws PortalException, SystemException {
173 
174         checkPermission(
175             getPermissionChecker(), groupId, Role.class.getName(), roleId);
176 
177         permissionLocalService.unsetRolePermission(
178             roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
179     }
180 
181     public void unsetRolePermissions(
182             long roleId, long groupId, String name, int scope, String actionId)
183         throws PortalException, SystemException {
184 
185         checkPermission(
186             getPermissionChecker(), groupId, Role.class.getName(), roleId);
187 
188         permissionLocalService.unsetRolePermissions(
189             roleId, getUser().getCompanyId(), name, scope, actionId);
190     }
191 
192     public void unsetUserPermissions(
193             long userId, long groupId, String[] actionIds, long resourceId)
194         throws PortalException, SystemException {
195 
196         checkPermission(getPermissionChecker(), groupId, resourceId);
197 
198         permissionLocalService.unsetUserPermissions(
199             userId, actionIds, resourceId);
200     }
201 
202     protected void checkPermission(
203             PermissionChecker permissionChecker, long groupId,
204             long resourceId)
205         throws PortalException, SystemException {
206 
207         Resource resource = resourcePersistence.findByPrimaryKey(resourceId);
208 
209         checkPermission(
210             permissionChecker, groupId, resource.getName(),
211             resource.getPrimKey().toString());
212     }
213 
214     protected void checkPermission(
215             PermissionChecker permissionChecker, long groupId, String name,
216             long primKey)
217         throws PortalException, SystemException {
218 
219         checkPermission(
220             permissionChecker, groupId, name, String.valueOf(primKey));
221     }
222 
223     protected void checkPermission(
224             PermissionChecker permissionChecker, long groupId, String name,
225             String primKey)
226         throws PortalException, SystemException {
227 
228         if (name.equals(Group.class.getName())) {
229             GroupPermissionUtil.check(
230                 permissionChecker, GetterUtil.getLong(primKey),
231                 ActionKeys.PERMISSIONS);
232         }
233         else if (name.equals(Layout.class.getName())) {
234             long plid = GetterUtil.getLong(primKey);
235 
236             Layout layout = layoutPersistence.findByPrimaryKey(plid);
237 
238             GroupPermissionUtil.check(
239                 permissionChecker, layout.getGroupId(),
240                 ActionKeys.MANAGE_LAYOUTS);
241         }
242         else if (name.equals(User.class.getName())) {
243             long userId = GetterUtil.getLong(primKey);
244 
245             User user = userPersistence.findByPrimaryKey(userId);
246 
247             UserPermissionUtil.check(
248                 permissionChecker, userId, user.getOrganizationIds(),
249                 ActionKeys.PERMISSIONS);
250         }
251         else if ((primKey != null) &&
252                  (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {
253 
254             int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
255 
256             long plid = GetterUtil.getLong(primKey.substring(0, pos));
257 
258             String portletId = primKey.substring(
259                 pos + PortletConstants.LAYOUT_SEPARATOR.length(),
260                 primKey.length());
261 
262             if (!PortletPermissionUtil.contains(
263                     permissionChecker, plid, portletId,
264                     ActionKeys.CONFIGURATION)) {
265 
266                 throw new PrincipalException();
267             }
268         }
269         else if (!permissionChecker.hasPermission(
270                     groupId, name, primKey, ActionKeys.PERMISSIONS) &&
271                  !permissionChecker.hasPermission(
272                     groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS)) {
273 
274             throw new PrincipalException();
275         }
276     }
277 
278 }